Netgate Discussion Forum

    Reflashed WatchGuard XTM 500 series/beginnings of a homelab

      SpeedoJoe

      At work we're retiring several WatchGuard firewalls, so I've acquired one of these bad boys. http://imgur.com/LVYcoig.

      Before I start creating a VM domain I'd like to get some basic network infrastructure in place. What I'd like is a class A IP range (10.x.x.x) sandboxed from my home network (NAT?) with no access except for internet/the firewall acting as the gateway.

      It would be great if someone would explain to me the configuration steps required.

        stephenw10 Netgate Administrator

        That's quite a big ask!  ;) Probably best to break that down into smaller steps. A diagram of what you're trying to achieve always helps also.
        That's an XTM5 you have there by the way, not an X500 which was a much older platform.

        Steve

          SpeedoJoe

          Quite right. I knew that already, just got the title wrong. Corrected.

          Good idea on the diagram. I'll draw one up tonight or tomorrow.

            SpeedoJoe

            Hope that makes sense. Happy to answer any questions.

              stephenw10 Netgate Administrator

              Ok, you can do that. You will have a double NAT situation though: both the home router and the pfSense firewall are NATing, which is usually best avoided. It will be fine for almost everything in a test situation though.

              So you will need to change the default IP settings since pfSense uses 192.168.1.1 for its LAN by default, which conflicts with your existing network. I suggest you connect a client machine to the pfSense LAN port to configure that before you connect it to the home-router to avoid routing issues.

              Then you need to add firewall rules to prevent devices in the homelab network accessing the 192.168.1.1 subnet. By default the LAN 'allow any' rule will allow that. Put a rule in above that blocking traffic with destination 192.168.1.1/24. That will still allow access to the pfSense LAN interface for DNS and NTP etc and access to external destinations.

              You will not have access to the Homelab network from the 192.168.1.1 subnet. I don't know if you need that.

              A better setup would be to replace the home router with the pfSense firewall and then have both 192.168.1.1/24 and 10.0.0.0/8 (do you need that large a subnet?) subnets configured as internal networks directly. That would mean having some type of modem to connect to your upstream WAN.

              Steve
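
The rule ordering described in the reply above, modelled as an added example (it is not part of the original post and is not pfSense code). It shows first-match evaluation with the block rule above and below the LAN 'allow any' rule. The pfSense LAN address 10.0.0.1 and the probe addresses are constructed assumptions.

```python
import ipaddress

# Constructed addressing (assumptions, not from the thread): the homelab LAN
# is 10.0.0.0/8 with pfSense at 10.0.0.1; the home network is 192.168.1.0/24.
HOME_NET = "192.168.1.1/24"   # written as in the post; host bits are set

def net(cidr):
    """Parse a CIDR and mask off stray host bits (192.168.1.1/24 -> .0/24)."""
    return ipaddress.ip_network(cidr, strict=False)

def evaluate(rules, dst):
    """First-match evaluation of an ordered interface ruleset; default deny."""
    addr = ipaddress.ip_address(dst)
    for action, dst_net in rules:
        if addr in net(dst_net):
            return action
    return "block"

ALLOW_ANY = ("pass", "0.0.0.0/0")    # stands in for the LAN 'allow any' rule
BLOCK_HOME = ("block", HOME_NET)     # the rule the reply says to add

# Order described in the reply: block rule above the allow-any rule.
LAN_RULES_GOOD = [BLOCK_HOME, ALLOW_ANY]
# Misordered: allow-any matches first, so the block rule is never reached.
LAN_RULES_BAD = [ALLOW_ANY, BLOCK_HOME]

def report(rules):
    """Verdict for a few constructed destinations seen from a homelab host."""
    probes = {
        "home host": "192.168.1.50",
        "home router": "192.168.1.1",
        "pfSense LAN (DNS/NTP)": "10.0.0.1",
        # Forwarded via the home router, but the destination is external.
        "internet": "203.0.113.10",
    }
    return {name: evaluate(rules, ip) for name, ip in probes.items()}

if __name__ == "__main__":
    for label, rules in (("block above allow", LAN_RULES_GOOD),
                         ("allow above block", LAN_RULES_BAD)):
        print(label, report(rules))
```

With the block rule on top, only destinations inside the home subnet are dropped; with the order reversed, every probe passes, including the home hosts.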

                SpeedoJoe

                Hi Steve

                Thanks for the detailed reply. I'm going to work on this tonight in a VM (the WG is too loud for the current room it's in) and I'll let you know how far I get.

                Thanks again.
